Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
824,137 coordinated disclosures
465,978 fixed vulnerabilities
1273 bug bounties with 2,430 websites
21,655 researchers, 1280 honor badges

Amberlo Bug Bounty Program

Amberlo runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Amberlo

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Amberlo and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

test.amberlo.io

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

We have created Amberlo to provide better access to justice. Like any other technology, Amberlo is not perfect. Therefore we aim to work with the leading security researchers worldwide to strengthen Amberlo app security.

Please inform us about any security issues, and we will make sure that we fix them promptly in collaboration with you.

While researching, we'd like to ask you to avoid the following:
* Denial of service attacks
* Spamming
* Social engineering (including phishing) of Amberlo staff or contractors
* Any physical attempts against Amberlo property or data centers

Thank you for helping keep the Amberlo app and our users safe!

Testing Requirements:

We have mirrored our production environment and created new environment for testing at test.amberlo.io. Please use test.amberlo.io while researching, but try to avoid anything that would result in an extreme load on the prepared test environment.

Possible Awards:

Amberlo offers a monetary bounty for reports of qualifying security vulnerabilities. Reward amounts will vary based on the severity of the reported vulnerability and agreed upon case by case.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

ajaysenr     28 January, 2021
    ajaysenr:
Thanks Team for the reward and quick response, Appreciate it.
B19R8A14     25 January, 2021
    B19R8A14:
hello, i have reported the vulnerability via email please check
shankarvemula01     21 January, 2021
    shankarvemula01:
HELLO TEAM,

I AM REPORTING VIA EMAIL THAT SUPPORTMAILS

PLEASE CHECK EMAILS FROM SHANKARSECU

  Latest Patched

 02.03.2021 uscutter.com
 02.03.2021 skoob.com.br
 02.03.2021 unimed.coop.br
 02.03.2021 dor.mo.gov
 02.03.2021 bop.gov
 02.03.2021 esgdata.gfdl.noaa.gov
 02.03.2021 itpark.am
 02.03.2021 meteociel.fr
 02.03.2021 langs.me
 02.03.2021 lookmovie.io

  Latest Blog Posts

10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard
25.12.2020 by _Y000_
How to bypass mod_security (WAF)
10.12.2020 by _Y000_
sql injection to bypass Mod_Security
10.12.2020 by _Y000_
Create encoded sql payloads

  Recent Recommendations

@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities.
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_World for a responsible and coordinated disclosure of information disclosure vulnerabilities
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank killua for a responsible and coordinated disclosure of an XSS vulnerability.
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank devl00p for a responsible and coordinated disclosure of XSS vulnerabilities